The BrakTooth scope

September 10, 2021

The most popular SoCs on the market ship with flawed Bluetooth firmware that attackers can use to lock, freeze, or take control of these devices. Some manufacturers have looked the other way.

This week, vulnerabilities such as BrakTooth were discovered, which let attackers lock and freeze devices or run malicious code and control systems. They can leave billions of devices at the mercy of Denial-of-Service (DoS) and Arbitrary Code Execution (ACE) attacks.

This report was possible thanks to researchers from the Singapore University of Technology and Design.

Experts note that manufacturers install the same Bluetooth firmware in more than 1,400 chipsets, which makes matters worse.

Among the devices that may be affected are:

  • Laptops
  • Smartphones
  • Industrial equipment
  • Cars
  • Intelligent IoT devices.

The most alarming thing is that billions of devices are affected. On the other hand, the impact of BrakTooth differs depending on the SoC board the device is built on and the Bluetooth software stack it runs.

Relevant facts:

  • "The CVE-2021-28139 vulnerability allows attackers to run their malicious code on devices through Bluetooth LMP (Link Manager Protocol) packets and thus control the entire device." - Computer Hoy.
  • "The most vulnerable devices are Microsoft Surface laptops, Dell desktops, and various models of smartphones with Qualcomm SoC." - Computer Hoy.

For now, we will have to see how the scope of this flaw is defined.

Sources:

  • Carvajal, C. (September 06, 2021). Braktooth, el bluetooth Gate que afecta a millones de dispositivos: móviles, portátiles e incluso coches. Retrieved from: https://computerhoy.com/noticias/tecnologia/braktooth-bluetooth-gate-afecta-millones-dispositivos-moviles-portatiles-incluso-coches-926619
  • Kundu, K. (September 07, 2021). BrakTooth Security Exploit: What Is It & Who Is Affected? Retrieved from: https://screenrant.com/braktooth-security-exploit-what-is-it/

Authored by:
Jorge Daniel Tejeda